abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 00:46:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Zhi Guan
2021-09-10 11:29:16 +08:00
parent ae001fbf15
commit bcad2eb8dd
175 changed files with 5701 additions and 8583 deletions
Download Patch File Download Diff File Expand all files Collapse all files

646
tests/cmstest.c
View File

@@ -1,49 +1,17 @@
/*
* Copyright (c) 2021 - 2021 The GmSSL Project. All rights reserved.
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* http://www.apache.org/licenses/LICENSE-2.0
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>
@@ -59,25 +27,512 @@
static int test_cms_data(void)
{
uint8_t data[20];
uint8_t content_info[512];
size_t content_info_len = sizeof(content_info);
uint8_t der[512];
uint8_t *p = der;
size_t len = 0;
int i;
memset(data, 'A', sizeof(data));
cms_content_info_set_data(content_info, &content_info_len, data, sizeof(data));
cms_content_info_print(stdout, content_info, content_info_len, 0, 0);
return 1;
if (cms_content_info_to_der(CMS_data, data, sizeof(data), &p, &len) != 1
|| cms_content_info_print(stdout, der, len, 0, 0) != 1) {
error_print();
return -1;
}
return 0;
}
static int test_cms_enced_content_info(void)
{
SM4_KEY sm4_key;
uint8_t key[16] = {0};
uint8_t iv[16] = {0};
uint8_t data[] = "Hello!";
uint8_t buf[512];
const uint8_t *cp = buf;
uint8_t *p = buf;
size_t len = 0;
int content_type;
uint8_t content[512] = {0};
const uint8_t *shared_info1;
const uint8_t *shared_info2;
size_t content_len;
size_t shared_info1_len;
size_t shared_info2_len;
sm4_set_encrypt_key(&sm4_key, key);
if (cms_enced_content_info_encrypt_to_der(&sm4_key, iv,
CMS_data, data, sizeof(data),
NULL, 0, NULL, 0, &p, &len) != 1) {
error_print();
return -1;
}
sm4_set_decrypt_key(&sm4_key, key);
if (cms_enced_content_info_decrypt_from_der(&sm4_key, &content_type, content, &content_len,
&shared_info1, &shared_info1_len,
&shared_info2, &shared_info2_len,
&cp, &len) != 1) {
error_print();
return -1;
}
printf("ContentType: %s\n", cms_content_type_name(content_type));
printf("Content: %s\n", (char *)content);
printf("SharedInfo1: %s\n", (char *)shared_info1);
printf("SharedInfo2: %s\n", (char *)shared_info2);
return 0;
}
static int test_cms_encrypt(void)
{
uint8_t key[16];
uint8_t msg[] = "Hello world!";
uint8_t cbuf[512];
uint8_t mbuf[512] = {0};
size_t clen, mlen;
int content_type = 0;
const uint8_t *shared_info1 = NULL;
const uint8_t *shared_info2 = NULL;
size_t shared_info1_len, shared_info2_len;
printf("%s()\n", __FUNCTION__);
if (cms_encrypt(key, msg, sizeof(msg), cbuf, &clen) != 1) {
error_print();
return -1;
}
cms_content_info_print(stdout, cbuf, clen, 0, 0);
if (cms_decrypt(key, cbuf, clen, &content_type, mbuf, &mlen) != 1) {
error_print();
return -1;
}
printf(" ContentType : %s\n", cms_content_type_name(content_type));
printf(" Content: %s\n", mbuf);
return 0;
}
static int test_cms_key_agreement_info(void)
{
SM2_KEY sm2_key;
X509_CERTIFICATE cert;
FILE *key_fp = fopen("sign_key.pem", "r");
FILE *cert_fp = fopen("sign_cert.pem", "r");
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
const uint8_t *id;
size_t idlen;
if (sm2_private_key_from_pem(&sm2_key, key_fp) != 1) {
error_print();
return -1;
}
if (x509_certificate_from_pem(&cert, cert_fp) != 1) {
error_print();
return -1;
}
if (cms_key_agreement_info_to_der(&sm2_key, &cert, (uint8_t *)"Alice", strlen("Alice"), &p, &len) != 1) {
error_print();
return -1;
}
cms_key_agreement_info_print(stdout, buf, len, 0, 0);
if (cms_key_agreement_info_from_der(&sm2_key, &cert, &id, &idlen, &cp, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return -1;
}
return 0;
}
static int test_cms_issuer_and_serial_number(void)
{
FILE *cert_fp = fopen("sign_cert.pem", "r");
X509_CERTIFICATE cert;
X509_NAME issuer;
const X509_NAME *issuer_ptr;
const uint8_t *serial_number;
size_t serial_number_len;
const SM2_KEY *sm2_key;
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
if (x509_certificate_from_pem(&cert, cert_fp) != 1) {
error_print();
return -1;
}
if (cms_issuer_and_serial_number_from_certificate(&issuer_ptr,
&serial_number, &serial_number_len, &cert) != 1) {
error_print();
return -1;
}
if (cms_issuer_and_serial_number_to_der(issuer_ptr, serial_number, serial_number_len, &p, &len) != 1) {
error_print();
return -1;
}
if (cms_issuer_and_serial_number_from_der(&issuer, &serial_number, &serial_number_len, &cp, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return -1;
}
cms_issuer_and_serial_number_print(stdout, &issuer, serial_number, serial_number_len, 0, 0);
return 0;
}
// 从这个测试可以看出由于CMS类型非常复杂因此最好能够将其打包称为一个struct但是要区分指针类型和存储类型
static int test_cms_recipient_info(void)
{
FILE *key_fp = fopen("sign_key.pem", "r");
FILE *cert_fp = fopen("sign_cert.pem", "r");
X509_CERTIFICATE cert;
X509_NAME issuer;
SM2_KEY sm2_key;
const X509_NAME *issuer_ptr;
const uint8_t *serial_number;
size_t serial_number_len;
const SM2_KEY *pub_key;
uint8_t key[128] = {1,2,3};
size_t keylen = 16;
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
if (x509_certificate_from_pem(&cert, cert_fp) != 1) {
error_print();
return -1;
}
if (cms_public_key_from_certificate(&pub_key, &cert) != 1) {
error_print();
return -1;
}
sm2_key_print(stdout, pub_key, 0, 0);
if (cms_recipient_info_from_x509_certificate(&pub_key, &issuer_ptr, &serial_number, &serial_number_len, &cert) != 1) {
error_print();
return -1;
}
if (cms_recipient_info_encrypt_to_der(pub_key, issuer_ptr, serial_number, serial_number_len, key, keylen, &p, &len) != 1) {
error_print();
return -1;
}
int version;
int pke_algor;
const uint8_t *params;
size_t paramslen;
const uint8_t *enced_key;
size_t enced_key_len;
/*
// 这个函数导致cp, len的长度发生变化
if (cms_recipient_info_from_der(&version, &issuer, &serial_number, &serial_number_len,
&pke_algor, &params, &paramslen,
&enced_key, &enced_key_len,
&cp, &len) != 1) {
error_print();
return -1;
}
cms_recipient_info_print(stdout,
version, &issuer, serial_number, serial_number_len,
pke_algor, params, paramslen,
enced_key, enced_key_len,
0, 0);
*/
if (sm2_private_key_from_pem(&sm2_key, key_fp) != 1) {
error_print();
return -1;
}
sm2_key_print(stdout, &sm2_key, 0, 0);
if (cms_recipient_info_decrypt_from_der(&sm2_key, &issuer, &serial_number, &serial_number_len, key, &keylen, &cp, &len) != 1) {
error_print();
return -1;
}
format_bytes(stdout, 0, 0, "decrypted_key : ", key, keylen);
return 0;
}
static int test_cms_enveloped_data(void)
{
FILE *key_fp = fopen("sign_key.pem", "r");
FILE *cert_fp = fopen("sign_cert.pem", "r");
X509_CERTIFICATE cert;
X509_NAME issuer;
SM2_KEY sm2_key;
const X509_NAME *issuer_ptr;
const uint8_t *serial_number;
size_t serial_number_len;
const SM2_KEY *pub_key;
uint8_t key[128] = {1,2,3};
size_t keylen = 16;
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
if (x509_certificate_from_pem(&cert, cert_fp) != 1) {
error_print();
return -1;
}
uint8_t data[8];
if (cms_enveloped_data_encrypt_to_der(&cert, 1,
CMS_data, data, sizeof(data),
NULL, 0, NULL, 0, &p, &len) != 1) {
error_print();
return -1;
}
error_print_msg("len = %zu\n", len);
//cms_enveloped_data_print(stdout, cp, len, 0, 0);
//return 0;
if (sm2_private_key_from_pem(&sm2_key, key_fp) != 1) {
error_print();
return -1;
}
int content_type;
uint8_t content[512];
size_t content_len;
const uint8_t *shared_info1, *shared_info2;
size_t shared_info1_len, shared_info2_len;
if (cms_enveloped_data_decrypt_from_der(
&sm2_key, &cert,
&content_type, content, &content_len,
&shared_info1, &shared_info1_len,
&shared_info2, &shared_info2_len,
&cp, &len) != 1) {
error_print();
return -1;
}
return 0;
}
static int test_cms_signer_info(void)
{
FILE *key_fp = fopen("sign_key.pem", "r");
FILE *cert_fp = fopen("sign_cert.pem", "r");
X509_CERTIFICATE cert;
X509_NAME issuer;
SM2_KEY sm2_key;
const X509_NAME *issuer_ptr;
const uint8_t *serial_number;
size_t serial_number_len;
const SM2_KEY *pub_key;
uint8_t key[128] = {1,2,3};
size_t keylen = 16;
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
if (x509_certificate_from_pem(&cert, cert_fp) != 1) {
error_print();
return -1;
}
if (cms_issuer_and_serial_number_from_certificate(&issuer_ptr,
&serial_number, &serial_number_len, &cert) != 1) {
error_print();
return -1;
}
uint8_t attrs[10];
if (cms_signer_info_to_der(
issuer_ptr,
serial_number, serial_number_len,
OID_sm3,
attrs, sizeof(attrs),
attrs, sizeof(attrs),
attrs, sizeof(attrs),
&p, &len) != 1) {
error_print();
return -1;
}
const uint8_t *authed_attrs, *unauthed_attrs, *sig;
size_t authed_attrs_len, unauthed_attrs_len, siglen;
int dgst_algor, sign_algor;
if (cms_signer_info_from_der(
&issuer,
&serial_number, &serial_number_len,
&dgst_algor,
&authed_attrs, &authed_attrs_len,
&sign_algor,
&sig, &siglen,
&unauthed_attrs, &unauthed_attrs_len,
&cp, &len) != 1) {
error_print();
return -1;
}
cms_signer_info_print(stdout,
1,
&issuer, serial_number, serial_number_len,
dgst_algor, NULL, 0,
authed_attrs, authed_attrs_len,
sign_algor, NULL, 0,
sig, siglen,
unauthed_attrs, unauthed_attrs_len,
0, 0);
p = buf;
cp = buf;
len = 0;
SM3_CTX sm3_ctx;
// 这里根本没有测试验证过程
/*
270 int cms_signer_info_from_der(X509_NAME *issuer,
271 const uint8_t **serial_number, size_t *serial_number_len,
272 int *digest_algor,
273 const uint8_t **authed_attrs, size_t *authed_attrs_len,
274 int *sign_algor,
275 const uint8_t **enced_digest, size_t *enced_digest_len,
276 const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len,
277 const uint8_t **in, size_t *inlen);
*/
return 0;
}
static int test_cms_signed_data(void)
{
FILE *key_fp = fopen("sign_key.pem", "r");
FILE *cert_fp = fopen("sign_cert.pem", "r");
X509_CERTIFICATE cert;
X509_NAME issuer;
SM2_KEY sm2_key;
const X509_NAME *issuer_ptr;
const uint8_t *serial_number;
size_t serial_number_len;
const SM2_KEY *pub_key;
uint8_t key[128] = {1,2,3};
size_t keylen = 16;
uint8_t buf[1512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
uint8_t data[10] = {0};
if (x509_certificate_from_pem(&cert, cert_fp) != 1) {
error_print();
return -1;
}
if (sm2_private_key_from_pem(&sm2_key, key_fp) != 1) {
error_print();
return -1;
}
if (cms_signed_data_sign_to_der(&sm2_key, &cert, 1,
CMS_data, data, sizeof(data),
NULL, 0,
&p, &len) != 1) {
error_print();
return -1;
}
cms_signed_data_print(stdout, buf, len, 0, 0);
// 这个函数有问题因为from_der返回的0和验证签名返回的0可能产生冲突
// 还是应该直接提供一个函数只做verify不做from_der
int content_type;
const uint8_t *dgst_algors, *content, *certs, *crls, *signer_infos;
size_t dgst_algors_len, content_len, certs_len, crls_len, signer_infos_len;
if (cms_signed_data_from_der(
&dgst_algors, &dgst_algors_len,
&content_type, &content, &content_len,
&certs, &certs_len,
&crls, &crls_len,
&signer_infos, &signer_infos_len,
&cp, &len) != 1) {
error_print();
return -1;
}
if (cms_signed_data_verify(
content_type, content, content_len,
certs, certs_len,
signer_infos, signer_infos_len) != 1) {
error_print();
return -1;
}
return 0;
}
static int test_cms_sign(void)
{
SM2_KEY sign_key;
X509_CERTIFICATE sign_cert;
uint8_t data[20];
uint8_t content_info[1024];
size_t content_info_len = 0;
uint8_t in[20];
uint8_t out[1024];
size_t outlen = 0;
FILE *key_fp = fopen("sign_key.pem", "r");
FILE *cert_fp = fopen("sign_cert.pem", "r");
@@ -90,95 +545,50 @@ static int test_cms_sign(void)
error_print();
return -1;
}
if (cms_sign(&sign_key, &sign_cert, 1, CMS_data, data, 20, NULL, NULL, 0, content_info, &content_info_len) != 1) {
if (cms_sign(&sign_key, &sign_cert, 1, in, sizeof(in), out, &outlen) != 1) {
error_print();
return -1;
}
cms_content_info_print(stdout, content_info, content_info_len, 0, 0);
return 1;
}
static int test_cms_enced_content_info(void)
{
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len = 0;
uint8_t iv[16];
uint8_t enced_content[30];
if (cms_enced_content_info_to_der(OID_sm4_cbc, iv, sizeof(iv),
CMS_data, enced_content, sizeof(enced_content),
NULL, 0,
NULL, 0,
&p, &len) != 1) {
error_print();
return -1;
}
cms_content_info_print(stdout, out, outlen, 0, 0);
int content_type;
int enc_algor;
const uint8_t *enc_iv;
size_t enc_iv_len;
const uint8_t *penced_content;
size_t enced_content_len;
const uint8_t *shared_info1, *shared_info2;
size_t shared_info1_len, shared_info2_len;
const uint8_t *content, *certs, *crls, *signer_infos;
size_t content_len, certs_len, crls_len, signer_infos_len;
if (cms_enced_content_info_from_der(&content_type,
&enc_algor, &enc_iv, &enc_iv_len,
&penced_content, &enced_content_len,
&shared_info1, &shared_info1_len,
&shared_info2, &shared_info2_len,
&cp, &len) != 1) {
if (cms_verify(&content_type, &content, &content_len,
&certs, &certs_len,
&crls, &crls_len,
&signer_infos, &signer_infos_len,
out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}
static int test_cms_encrypt(void)
{
uint8_t key[16];
uint8_t msg[] = "Hello world!";
uint8_t cbuf[512];
uint8_t mbuf[512];
size_t clen, mlen;
int content_type = 0;
const uint8_t *shared_info1 = NULL;
const uint8_t *shared_info2 = NULL;
size_t shared_info1_len, shared_info2_len;
if (cms_encrypt(key, msg, sizeof(msg), cbuf, &clen) != 1) {
error_print();
return -1;
}
format_bytes(stderr, 0, 0, "EncryptedData\n", cbuf, clen);
if (cms_decrypt(key, cbuf, clen, &content_type, mbuf, &mlen,
&shared_info1, &shared_info1_len,
&shared_info2, &shared_info2_len) != 1) {
error_print();
return -1;
}
return 1;
}
int main(void)
{
// 很可能x509_algor.c中有错误
test_cms_enced_content_info();
//test_cms_encrypt();
//test_cms_data();
//test_cms_enced_content_info();
//test_cms_encrypt();
//test_cms_key_agreement_info();
//test_cms_issuer_and_serial_number();
//test_cms_recipient_info();
//test_cms_signer_info();
//test_cms_signed_data();
test_cms_enveloped_data();
//test_cms_sign();
return 0;
}